Lucene search

[email protected]NVD:CVE-2006-4653

HistorySep 09, 2006 - 12:04 a.m.

CVE-2006-4653

2006-09-0900:04:00

[email protected]

web.nvd.nist.gov

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

6.5

Confidence

Low

EPSS

0.009

Percentile

82.9%

JSON

(1) Amazing Little Poll and (2) Amazing Little Picture Poll store sensitive information under the web root with insufficient access control, which allows remote attackers to read the admin password via a direct request for the lp_settings file (lp_settings.inc or lp_settings.php).

Affected configurations

Nvd

Node

amazing_little_picture_pollamazing_little_picture_poll

amazing_little_pollamazing_little_poll

VendorProductVersionCPE
amazing_little_picture_pollamazing_little_picture_poll*cpe:2.3:a:amazing_little_picture_poll:amazing_little_picture_poll:*:*:*:*:*:*:*:*
amazing_little_pollamazing_little_poll*cpe:2.3:a:amazing_little_poll:amazing_little_poll:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
amazing_little_picture_poll	amazing_little_picture_poll	*	cpe:2.3:a:amazing_little_picture_poll:amazing_little_picture_poll::::::::
amazing_little_poll	amazing_little_poll	*	cpe:2.3:a:amazing_little_poll:amazing_little_poll::::::::

References

secunia.com/advisories/21997

securityreason.com/securityalert/1527

www.securityfocus.com/archive/1/445081/100/0/threaded

www.securityfocus.com/bid/19837

www.vupen.com/english/advisories/2006/3687

exchange.xforce.ibmcloud.com/vulnerabilities/28737

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

6.5

Confidence

Low

EPSS

0.009

Percentile

82.9%

JSON

Related for NVD:CVE-2006-4653

cvelist1 cve1